Do you have clamav in your flow? The sanesecurity rules catch a lot of stuff for us.

--Ted


On Mon, Oct 27, 2014 at 3:28 PM, Derek Murawsky <dmuraw...@gmail.com> wrote:

Another vote for Barracuda here. It's a fire and forget solution that just works. My new company is migrating from On-prem exchange to Exchange online and I'm nervous. Hoping their spam filter is as good as the Barracuda devices we've used in the past.
-Derek

On Mon, Oct 27, 2014 at 2:05 PM, Starchy <star...@gmail.com> wrote:
Spam fighting is pretty much the bane of my existence. I manage one of
the oldest active domains on the Internet, our threat model precludes us
from using external services or proprietary vendors for anything
touching email, and some of my users have strong feelings about anything
resembling blacklists.

This latest surge might give us a chance to revisit our use of RBLs, but
avoiding false positives is also important to us, and I've seen a few of
the RBLs block us for strange reasons. As nice as the experience Gmail's
spam filtering provides is, I've missed a number of important emails
over the years thanks to how many false positives it generates.

I'd love to be able to farm things out to Barracuda or IronPort, but for
now the best I've been able to manage is endless tuning of SpamAssassin
with Pyzor. If anyone else is going the self-hosted, open source route
and found something more effective, I'd be interested in hearing about
that, myself.

On 10/27/2014 10:04 AM, Tom Perrine wrote:
> TL;DR
>
> anti-junkmail systems that use a larger sample size win over what you
> can do in your email client, or in a single standalone email system.
> Most of the appliance/server/cloud products that incorporate a wider
> view than just your domain(s) seem quite comparable and pretty good.
>
> ...
>
> I think we've all been learning the same things, perhaps by different routes...
>
> Content analysis (including Bayesian) will only get you so far, unless
> you have a really big sample set.
>
> Reputation systems, for better or worse, seem to be the major
> "winners" for email filtering, but you need a "wide telescope" (AKA
> lots of participants) to do a good job. Obviously there's some
> contextual analysis going on behind the scenes, along with other
> techniques, but the sample sizes available to the reputation systems
> are on a completely different scale than what a person, or even large
> business can do themselves.
>
> Years ago I "outsourced" several of my email addresses to Google, just
> because I was tired of maintaining a hodgepodge of anti-SPAM tools all
> cobbled together. It's gotten MUCH easier to do this now; almost all
> the tools play together much better and all install/integrate much
> easier, but I've got more interesting things to do than maintain
> anti-spam systems for my 5 home users :-(
>
> The reputation systems built into Barracuda are pretty good. Most of
> the people I've spoken to who are small-mid sized seem to like them. I
> know of a .EDU that deployed a bunch of Barracudas to protect their
> individual departmental mail servers and were very happy with them for
> a few years.
>
> For larger enterprises, IronPort seems to be popular. We've run them
> here for years to protect (at one time) about 5000 mailboxes. This
> might have been doable on Barracuda, but was quite easy on IronPort.
> The last time I looked (last year?), we were rejecting about 95+% of
> inbound connections at TCP SYN time due to the IP level reputation
> filters. I was seeing about 1 SPAM/month on that system.
>
> I believe that IronPort makes part of their reputation system publicly
> available? If so, that's an RBL I should add to my home system :-)
>
> Google's reputation system is well hidden but seems to have done a
> good job of crowdsourcing SPAM detection to the users :-) I've seen
> emails show up in the header list that were obviously spam, which I
> didn't open. I went back anywhere from 15 minutes to 2 hours later,
> and the SPAM messages had vanished. Obviously enough people clicked
> "SPAM" on those messages to train the Google system which went and
> retroactively cleaned the mailbox. That used to happen about 2-3 times
> per month, I haven't seen that happen in the past 6 months.
>
> Microsoft's cloud solution seems to do pretty well. We use it for
> fronting Exchange, and we usually see about the same amount of
> SPAM/malware as the other solutions. There's the issue that you're
> sending all your email via Microsoft to do content analysis, which
> might matter to some. But that's going to happen with all the cloud
> based systems.
>
> We have a group that is currently using MessageLabs, anecdotally, they
> see the same kinds of defense "quality".
>
> Every once in a while the SPAMers will spin up a new botnet, and we'll
> see a spate of SPAM get through the MS and the IronPort solutions for
> a few hours or days. I think we've seen this about 1 a year, for about
> 2 hours-2 days, depending... It always seems to coincide with media
> reports of "SPAMMERS HAVE CREATED A NEW 100K SKYNET BOTNET TO DELIVER
> SPAM!!! OMG!! RUN!! MAILPACOLYPSE!!". Aaaand a day or two later, we're
> back to normal.
>
> So, from my limited perspective, anti-SPAM is like anti-virus: it's
> become a commodity, there are several good products that will have
> (mostly) comparable quality. Like AV, there's really not much need to
> roll your own, unless you need an open source (free) product, in which
> case it's gotten easier.
>
> Sorry for the long-winded answer, hope it was helpful.
>
>
>
> On Mon, Oct 27, 2014 at 4:24 AM, Edmund White <ewwh...@mac.com> wrote:
>> There isn’t too much to it. These days, spam filtering should be pretty
>> hands-off, and some of the old-school approaches are outdated.
>>
>> I’ve been selling and deploying Barracuda Spam filter appliances to my
>> customers since 2007, and using their Cloud filtering solution for the past
>> 18 months. It all works very well and is transparent to the users. I’m
>> happy with Barracuda’s RBL, which is the core of the product.
>> Inbound/outbound, spooling, LDAP and multiple domains are all supported. The
>> usual content, source/destination switches are in place. Analyzing headers
>> is easy, and the interface of both the appliance and cloud solution is
>> intuitive enough for me to hand over to customers to self-manage.
>>
>> Barracuda Cloud: https://www.barracuda.com/products/emailsecurityservice
>> Barracuda Spam Firewall: https://www.barracuda.com/products/spamfirewall
>>
>> The approach to training the spam filter and initial deployment is different
>> these days. I used to spend hours training the filter to discern SPAM from
>> HAM and engage the Bayesian database to influence scoring on the Barracuda
>> appliances. Nowadays, Barracuda recommends that Bayesian filtering be left
>> off. The RBL (BRBL) has gotten that good. False-positives are infrequent.
>> The Barracuda “Intent Analysis” feature handles the phishing and suspicious
>> URL and header scanning. See: http://www.barracudacentral.org, as they
>> leverage their Web filter URL classification data for the spam filters.
>>
>> Right now, the Barracuda appliances are still in the $3k+ range for the Spam
>> firewall. It’s high and the licensing policy and reliance on cheap-ish
>> hardware isn’t worth it. I’ve let most of my appliance’s contracts lapse and
>> moved filtering to the Barracuda cloud solution. This also cuts down on mail
>> bandwidth; a perfect application for a cloud service. My cost has been
>> around $8/user/year, billed in blocks of 100 mailboxes, but I think it’s
>> negotiable. Far less expensive than the appliance if your business is okay
>> with offsite. Retention is 30 days, I believe. I’ve had one short 4-hour
>> outage of the service in the past 1.5 years.
>>
>> I manage mail systems for 35 companies. I probably look at the spam filters
>> 1-2 times per week; usually to whitelist a vendor sending mail from a
>> residential broadband line. It’s interesting to deal with other
>> organizations and their filtering solutions. I’ve learned what NOT to use
>> based on that. Otherwise, my decision process has been based on mindshare,
>> mail volume and ease of use/management. Barracuda deals with a lot of mail.
>> Google deals with a LOT of mail. Microsoft’s servers deal with a ton of
>> mail. I’ve had problems with some firms who are on the Microsoft side. Very
>> few issues delivering to gmail and Google Apps types. Lots of problems with
>> people who rely on bad RBLs or have misconfigured mail servers.
>>
>> --
>> Edmund White
>> e...@ewwhite.net
>>
>> From: "Edward Ned Harvey (lopser)" <lop...@nedharvey.com>
>> Date: Monday, October 27, 2014 at 5:56 AM
>> To: "tech@lists.lopsa.org" <tech@lists.lopsa.org>
>> Subject: Re: [lopsa-tech] How to choose Junk Filter?
>>
>> No response?
>>
>> Surely people here must be using junk filter products? How do you go about
>> choosing what product to deploy?
>>
>> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] On
>> Behalf Of Edward Ned Harvey (lopser)
>> Sent: Friday, October 24, 2014 10:14 PM
>> To: tech@lists.lopsa.org
>> Subject: [lopsa-tech] How to choose Junk Filter?
>>
>> Do you perceive a quality difference between various junk filtering
>> products?
>>
>> Whether you do or don't notice the difference, do you think there's room for
>> improvement?
>>
>> How do you choose what to deploy?
>>
>> I am looking at these guys - http://www.astraid.com/phishingguardian/
>>
>> Although our existing spam filters are pretty good with MS and Google, I
>> *do* think there's room for improvement, and in particular, these guys are
>> security-centric and claim to be better for preventing Phishing and Social
>> Engineering Attacks.
>>
>> Even if they are better, even if I personally come to believe they are
>> better... How do you go about making your decisions about this sort of
>> thing?
>>
>>
>> _______________________________________________
>> Tech mailing list
>> Tech@lists.lopsa.org
>> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
>> This list provided by the League of Professional System Administrators
>> http://lopsa.org/
>>

